Ejemplo n.º 1
Archivo: pf.c Proyecto: benjdag/openvpn
/*
 * Decide whether the packet filter (PF) is active for this context.
 *
 * With PLUGIN_PF compiled in and a plugin registered for
 * OPENVPN_PLUGIN_ENABLE_PF, a temp file is created under
 * c->options.tmp_dir, its path is exported to the plugin through the
 * "pf_file" environment variable, and PF is enabled only when the plugin
 * call returns OPENVPN_PLUGIN_FUNC_SUCCESS.
 *
 * With MANAGEMENT_PF compiled in, the management interface is asked only
 * if the plugin path left PF disabled.
 *
 * Every failure below leaves c->c2.pf.enabled untouched; this function
 * never aborts the connection, so PF silently stays off in those cases.
 */
void
pf_init_context(struct context *c)
{
    struct gc_arena gc = gc_new();

#ifdef PLUGIN_PF
    if (plugin_defined(c->plugins, OPENVPN_PLUGIN_ENABLE_PF))
    {
        /* The path string is owned by the local arena; it is copied into
         * the context arena below if PF ends up enabled. */
        const char *pf_file = create_temp_file(c->options.tmp_dir, "pf", &gc);

        /* NOTE(review): a NULL result skips PF setup without any message
         * from this function -- confirm create_temp_file() logs on its own. */
        if (pf_file != NULL)
        {
            int plugin_status;

            /* The plugin learns the file location from the environment. */
            setenv_str(c->c2.es, "pf_file", pf_file);

            plugin_status = plugin_call(c->plugins, OPENVPN_PLUGIN_ENABLE_PF, NULL, NULL, c->c2.es);
            if (plugin_status != OPENVPN_PLUGIN_FUNC_SUCCESS)
            {
                /* NOTE(review): the temp file created above is not removed
                 * on this path -- confirm cleanup happens elsewhere. */
                msg(M_WARN, "WARNING: OPENVPN_PLUGIN_ENABLE_PF disabled");
            }
            else
            {
                /* presumably a 1-second reload timer for the PF file --
                 * confirm against event_timeout_init() */
                event_timeout_init(&c->c2.pf.reload, 1, now);
                c->c2.pf.filename = string_alloc(pf_file, &c->c2.gc);
                c->c2.pf.enabled = true;
#ifdef ENABLE_DEBUG
                if (check_debug_level(D_PF_DEBUG))
                {
                    pf_context_print(&c->c2.pf, "pf_init_context#1", D_PF_DEBUG);
                }
#endif
            }
        }
    }
#endif /* ifdef PLUGIN_PF */

#ifdef MANAGEMENT_PF
    /* Fallback: only consulted when no plugin has already enabled PF. */
    if (!c->c2.pf.enabled && management_enable_pf(management))
    {
        c->c2.pf.enabled = true;
#ifdef ENABLE_DEBUG
        if (check_debug_level(D_PF_DEBUG))
        {
            pf_context_print(&c->c2.pf, "pf_init_context#2", D_PF_DEBUG);
        }
#endif
    }
#endif

    gc_free(&gc);
}
Ejemplo n.º 2
/*
 * Call every plugin in the list for hook `type` and reduce the individual
 * results to one status code.
 *
 * Reduction rules, in priority order:
 *   1. type == OPENVPN_PLUGIN_ENABLE_PF and at least one plugin succeeded
 *      -> OPENVPN_PLUGIN_FUNC_SUCCESS (other plugins' errors are ignored).
 *   2. any plugin returned something other than SUCCESS or DEFERRED
 *      -> OPENVPN_PLUGIN_FUNC_ERROR.
 *   3. any plugin deferred -> OPENVPN_PLUGIN_FUNC_DEFERRED.
 *   4. otherwise -> OPENVPN_PLUGIN_FUNC_SUCCESS.
 *
 * When no plugin is defined for `type` the result is also SUCCESS, so a
 * caller cannot tell "nobody was asked" from "everybody approved".
 *
 * If `pr` is non-NULL it is re-initialised, receives one entry per plugin
 * slot and has pr->n set to the number of plugins iterated.
 *
 * Side effect: "script_type" is deleted from `es` before the environment
 * array is built.
 */
int
plugin_call_ssl (const struct plugin_list *pl,
                 const int type,
                 const struct argv *av,
                 struct plugin_return *pr,
                 struct env_set *es
#ifdef USE_SSL
                 , int certdepth,
                 x509_cert_t *current_cert
#endif
                )
{
  if (pr != NULL)
    {
      plugin_return_init (pr);
    }

  if (plugin_defined (pl, type))
    {
      struct gc_arena gc = gc_new ();
      const int plugin_count = plugin_n (pl);
      const char **envp;
      bool saw_success = false;
      bool saw_error = false;
      bool saw_deferred = false;
      int i = 0;

      setenv_del (es, "script_type");

      /* The environment array is built once, before the loop, and the
       * same array is handed to every plugin. */
      envp = make_env_array (es, false, &gc);

      while (i < plugin_count)
        {
          /* NOTE(review): pr->list[i] is indexed without a visible bound
           * check -- confirm the list holds at least plugin_n() entries. */
          const int status = plugin_call_item (&pl->common->plugins[i],
                                               pl->per_client.per_client_context[i],
                                               type,
                                               av,
                                               pr ? &pr->list[i] : NULL,
                                               envp
#ifdef USE_SSL
                                               ,certdepth,
                                               current_cert
#endif
                                              );

          /* Any status that is neither SUCCESS nor DEFERRED counts as an
           * error, including values this code does not know about. */
          if (status == OPENVPN_PLUGIN_FUNC_SUCCESS)
            {
              saw_success = true;
            }
          else if (status == OPENVPN_PLUGIN_FUNC_DEFERRED)
            {
              saw_deferred = true;
            }
          else
            {
              saw_error = true;
            }

          ++i;
        }

      if (pr != NULL)
        {
          pr->n = i;
        }

      gc_free (&gc);

      /* ENABLE_PF is the one hook where a single success wins outright. */
      if (type == OPENVPN_PLUGIN_ENABLE_PF && saw_success)
        {
          return OPENVPN_PLUGIN_FUNC_SUCCESS;
        }
      if (saw_error)
        {
          return OPENVPN_PLUGIN_FUNC_ERROR;
        }
      if (saw_deferred)
        {
          return OPENVPN_PLUGIN_FUNC_DEFERRED;
        }
    }

  return OPENVPN_PLUGIN_FUNC_SUCCESS;
}
Ejemplo n.º 3
/*
 * Hand the tunnel endpoint and MTU parameters to the up/down handlers.
 *
 * The values are first published in the environment set `es`, then passed
 * positionally to (a) the plugins registered for `plugin_type`, if any,
 * and (b) the user-supplied script `command`, if non-NULL.
 *
 * A plugin result other than OPENVPN_PLUGIN_FUNC_SUCCESS is reported with
 * M_FATAL. The script is run with the S_FATAL flag (presumably making a
 * script failure fatal as well -- confirm against openvpn_run_script()).
 */
void
run_up_down (const char *command,
             const struct plugin_list *plugins,
             int plugin_type,
             const char *arg,
             const char *dev_type,
             int tun_mtu,
             int link_mtu,
             const char *ifconfig_local,
             const char* ifconfig_remote,
             const char *context,
             const char *signal_text,
             const char *script_type,
             struct env_set *es)
{
  /* Nothing in this function allocates from this arena; it is only
   * created here and released at the end. */
  struct gc_arena gc = gc_new ();

  /* Step 1: environment. Optional values are exported only when given. */
  if (signal_text != NULL)
    {
      setenv_str (es, "signal", signal_text);
    }
  /* NOTE(review): `context` and `arg` reach setenv_str() before the NULL
   * default and the ASSERT below -- confirm setenv_str() accepts NULL. */
  setenv_str (es, "script_context", context);
  setenv_int (es, "tun_mtu", tun_mtu);
  setenv_int (es, "link_mtu", link_mtu);
  setenv_str (es, "dev", arg);
  if (dev_type != NULL)
    {
      setenv_str (es, "dev_type", dev_type);
    }

  /* Step 2: the positional arguments are formatted with %s, so replace
   * missing strings with "" before building any argument vector. */
  if (ifconfig_local == NULL)
    {
      ifconfig_local = "";
    }
  if (ifconfig_remote == NULL)
    {
      ifconfig_remote = "";
    }
  if (context == NULL)
    {
      context = "";
    }

  /* Step 3: plugins. */
  if (plugin_defined (plugins, plugin_type))
    {
      struct argv plugin_argv = argv_new ();
      int plugin_status;

      ASSERT (arg);
      argv_printf (&plugin_argv,
                   "%s %d %d %s %s %s",
                   arg,
                   tun_mtu, link_mtu,
                   ifconfig_local, ifconfig_remote,
                   context);

      plugin_status = plugin_call (plugins, plugin_type, &plugin_argv, NULL, es);
      if (plugin_status != OPENVPN_PLUGIN_FUNC_SUCCESS)
        {
          msg (M_FATAL, "ERROR: up/down plugin call failed");
        }

      argv_reset (&plugin_argv);
    }

  /* Step 4: user script. "script_type" is exported only on this path. */
  if (command != NULL)
    {
      struct argv script_argv = argv_new ();

      ASSERT (arg);
      setenv_str (es, "script_type", script_type);
      /* presumably "%sc" is argv_printf's directive for a command string
       * that is split into separate arguments -- confirm in argv_printf() */
      argv_printf (&script_argv,
                   "%sc %s %d %d %s %s %s",
                   command,
                   arg,
                   tun_mtu, link_mtu,
                   ifconfig_local, ifconfig_remote,
                   context);
      /* The full command line is logged at M_INFO before it is run. */
      argv_msg (M_INFO, &script_argv);
      openvpn_run_script (&script_argv, es, S_FATAL, "--up/--down");
      argv_reset (&script_argv);
    }

  gc_free (&gc);
}